tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tommy Pham <tommy...@gmail.com>
Subject Re: TC 9.0.21: ContextListener + Servlet app
Date Thu, 20 Jun 2019 10:00:12 GMT
Hi Mark,


On Sun, Jun 16, 2019 at 2:25 AM Tommy Pham <tommyhp2@gmail.com> wrote:

> Hi Chris,
>
> Thank you for the feedback.
>
> On Sat, Jun 15, 2019 at 10:44 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Tommy,
>>
>> On 6/15/19 21:51, Tommy Pham wrote:
>> > Hi Mark,
>> >
>> > After some research and thought about internal application flow, I
>> > think the 'cleanest' is have TC's default servlet handle the *.html
>> > requests and use the assigned filter to restrict the access as
>> > desired.  Is there a better approach?  On that plan, I have this
>> > mapping for TC's default servlet and init:
>> >
>> > Filter AppFilterAccessLog's servlet mapping: Servlet name: default
>> > , registered class: org.apache.catalina.servlets.DefaultServlet.
>> > Servlet default's mapping: /img/* /css/* /WEB-INF/*
>>
>> Uh... you sure you want that? What is stopping a client from requesting
>> /WEB-INF/web.xml?
>>
>> > /js/* Servlet default's init parameters: listings: false debug: 0
>> >
>> > If I use *.html instead of /WEB-INF/*, it goes into infinite loop
>> > redirecting / forwarding until exception is thrown (I think that
>> > root cause is servlets' startup ordering).  Below are what my
>> > access log filter see for HttpServletRequest:
>> >
>> > Attributes: javax.servlet.forward.request_uri=/erm-0.0.1-SNAPSHOT/
>> > javax.servlet.forward.context_path=/erm-0.0.1-SNAPSHOT
>> > javax.servlet.forward.servlet_path=
>> > javax.servlet.forward.path_info=/
>> >
>> > javax.servlet.forward.mapping=org.apache.catalina.core.ApplicationMapp
>> ing$MappingImpl@7fc1f887
>> >
>> >
>> org.apache.logging.log4j.web.Log4jServletFilter.FILTERED=true
>> > Class: org.apache.catalina.core.ApplicationHttpRequest
>> > DispatcherType: FORWARD [javax.servlet.DispatcherType]
>> > HttpServletMapping: Class:
>> > org.apache.catalina.core.ApplicationMapping$MappingImpl
>> > MappingMatch: PATH MatchValue: setup/step_0.html Pattern:
>> > /WEB-INF/* ServletName: default
>> >
>> > Below is from the actual filter assigned to TC's default servlet
>> > intended to restrict access:
>> >
>> > ContextPath: /erm-0.0.1-SNAPSHOT DispatcherType: FORWARD PathInfo:
>> > /setup/step_0.html PathTranslated:
>> > D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\setup\step_0.html
>> >
>> >
>> Method: GET
>> > RequestURI: /erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
>> > RequestURL:
>> > http://localhost:8080/erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
>> > ServletPath: /WEB-INF ServletContext.ServletContextName: erm
>> > response: org.apache.catalina.connector.ResponseFacade
>> >
>> > I think everything seems correct except the PathTranslated.  It
>> > should be:
>> >
>> > D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\WEB-INF\setup\step_
>> 0.html
>> >
>> >  where the file is.  I'm unable to find out why it's wrong after a
>> > couple hours of searching since the the browser shows an empty
>> > page...  The string "/WEB-INF/setup/step_0.html" was passed to
>> > request.getRequestDispatcher(). According to the doc [1], " If the
>> > path begins with a "/" it is interpreted as relative to the current
>> > context root." everything is as it should be right, other than
>> > PathTranslated?  Or did I misunderstood the usage of
>> > getRequestDispatcher().forward()?  Currently, I have 4 filters in
>> > place and all are in passive monitoring mode.  None of them have
>> > the code logic to perform their intended functions.  3 filters
>> > mapped to URL /* and one assigned to TC's default servlet.  I'll
>> > work out their filtering order before the intended functions are
>> > implemented.
>>
>> Filters are applied in a predictable order. I highly recommend reading
>> the servlet specification to see how these things are defined to work.
>> It's quite readable.
>>
>> Why not allow Tomcat to serve everything in the web application (other
>> than /WEB-INF/* and /META-INF/*) as usual? What is it that you need to
>> put into there that you can't hide in some other way?
>>
>> It sounds like you are unnecessarily complicating your life.
>>
>> - -chris
>>
>
> I was using "/WEB-INF/*" as a test of the scaffolding for my application
> since previously "*.html" ended up infinite loop which, eventually, it
> threw an exception.  Now that I've got "*.html" working, I'm still getting
> a blank page.  The HTML files are only served as UI for the initial setup
> of the application.  There won't be any static files other than JS, CSS,
> and images when the application is fully configured by administrator.  Here
> are the servlets configuration:
>
> Servlet name: default , registered class:
> org.apache.catalina.servlets.DefaultServlet.
> Servlet default's mapping:
>      /img/*
>      /css/*
>      /js/*
>      *.html
> Servlet default's init parameters:
>      listings: false
>      debug: 0
> Servlet name: AppServlet , registered class: com.sointe.web.AppServlet.
> Servlet AppServlet's mapping:
>      /
> Servlet AppServlet's init parameters:
> Servlet name: jsp , registered class: org.apache.jasper.servlet.JspServlet.
> Servlet jsp's mapping:
>      *.jspx
>      *.jsp
> Servlet jsp's init parameters:
>      fork: false
>      xpoweredBy: false
>
> And HttpServletRequest's info:
>
> Attributes:
>         javax.servlet.forward.request_uri=/erm-0.0.1-SNAPSHOT/
>         javax.servlet.forward.context_path=/erm-0.0.1-SNAPSHOT
>         javax.servlet.forward.servlet_path=/
>
> javax.servlet.forward.mapping=org.apache.catalina.core.ApplicationMapping$MappingImpl@5e9215c0
>         org.apache.logging.log4j.web.Log4jServletFilter.FILTERED=true
> DispatcherType: FORWARD [javax.servlet.DispatcherType]
> HttpServletMapping:
>         Class: org.apache.catalina.core.ApplicationMapping$MappingImpl
>         MappingMatch: EXTENSION
>         MatchValue: WEB-INF/setup/step_0
>         Pattern: *.html
>         ServletName: default
>
> and the actual filter assigned to TC's default servlet to restrict access:
>
> AppFilterStaticFiles.doFilter:52 - Class:
> org.apache.catalina.core.ApplicationHttpRequest
> AppFilterStaticFiles.doFilter:53 - ServletContext Class:
> org.apache.catalina.core.ApplicationContextFacade
> AppFilterStaticFiles.doFilter:54 - ContextPath: /erm-0.0.1-SNAPSHOT
> AppFilterStaticFiles.doFilter:55 - DispatcherType: FORWARD
> AppFilterStaticFiles.doFilter:56 - Method: GET
> AppFilterStaticFiles.doFilter:57 - PathInfo: null
> AppFilterStaticFiles.doFilter:58 - PathTranslated: null
>
> AppFilterStaticFiles.doFilter:59 - getServletContext().getRealPath() of
> ServletPath:
> D:\apache-tomcat-9.0.21\webapps\erm-0.0.1-SNAPSHOT\WEB-INF\setup\step_0.html
>
> AppFilterStaticFiles.doFilter:60 - RequestURI:
> /erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
> AppFilterStaticFiles.doFilter:61 - RequestURL:
> http://localhost:8080/erm-0.0.1-SNAPSHOT/WEB-INF/setup/step_0.html
> AppFilterStaticFiles.doFilter:62 - ServletPath: /WEB-INF/setup/step_0.html
> AppFilterStaticFiles.doFilter:63 - ServletContext.ServletContextName: erm
> AppFilterStaticFiles.doFilter:67 - response:
> org.apache.catalina.connector.ResponseFacade
>
> In looking at the code for ApplicationHttpRequest [1] for the
> getPathTranlated()
>
>     @Override
>     public String getPathTranslated() {
>         if (getPathInfo() == null || getServletContext() == null) {
>             return null;
>         }
>         return getServletContext().getRealPath(getPathInfo());
>     }
>
> and for the getRequestDispatcher()
>
>         if (pathInfo == null) {
>             requestPath = servletPath;
>         } else {
>             requestPath = servletPath + pathInfo;
>                   }
>
> Perhaps the getPathTranslated() could be ?
>
> if ( getServletContext() != null) {
>     if (getServletPath() != null) {
>        if (getPathInfo() != null) {
>
>            return getServletContext().getRealPath(getServletPath() +
> getPathInfo());
>        }
>        return getServletContext().getRealPath(getServletPath());
>     }
> }
> return null;
>
> I think that would also fix the translated path I saw earlier which
> resulted in a blank page for the browser.
>
> Thanks,
> Tommy
>
>
> [1]
> https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/core/ApplicationHttpRequest.java
>
>

>From my findings, do you it's a bug with the getPathTranslated?  Should I
submit a bug report with the details of my finding?

Thanks,
Tommy




> -----BEGIN PGP SIGNATURE-----
>> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>>
>> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0F1yoACgkQHPApP6U8
>> pFgu2g//RlYf7TmtSzoh5pUsunI5U12r/y99sgO6nGe7cDyjqKeBUJrIOWU52ay4
>> hrUc/I7H2v9BT38bAB1ql4L963ssh7v11erjUtXYqENiBRNX6gF9KPzNkDYLqJqc
>> Va5W+a8WpTiQDu5rW1TUP3sgSxRNtjrumLQou/afP6Mggadx9uDzIlN8WnUgHihX
>> a2s3hsxU/uK4RYjNNXdZWB8Kyt+nb7C4PH197WV7zohvnxFLIa+JHnAXwu8BnD47
>> qLjAyfOEqycpH+jCQ0VOyz863KAM623tS20a6IVCmfGQdNtW3rYCjTiUl4Ck4c1Z
>> vpe71rnNn+wnq3tKlv6KRvnIKkqdP/yda4c6zSqnLrQZJaHYivgU/kSGm74KgSaU
>> jE/PQeRgbZVdWaaWMS+vY5n8BVinad+NZlP4clblzCnjCIEHRE1vlPN4jD5FAVY9
>> kF97H8r6o4wWamkHACSgiRvO6eXmL0E9I0hDOXayWLSoTeQP8kLuWbJYMcWCMy/t
>> p1SlbIi8MvFB5ZLZPynMxC2vhxc2ecuN4qPwQSPhZci5ejUZ5FfNQ7Pq84yWNq6/
>> 6oTn9OpitGHoTQuC1EouClCS2Ky5NkwepbOrWzb7qbAA33q0UG0vE+9SZtbrqueV
>> mCzh49FkuKxAlajrSWOKu1fm+HpLLYHacUXVoRuHGnXzd7vsVEg=
>> =QyrT
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message